SANS Las Vegas from October 26-27th will debut a new course titled "Embedded Device Security Assessments for the Rest of Us" which will teach students how to assess embedded systems of all varieties on pen tests and in your duties as a security professional. Register Here
- Tenable Network Security - This episode sponsored by Tenable network security. Tenable is a developer of enterprise vulnerability, compliance and log management software, but most notably the creators of Nessus, the worlds best vulnerability scanner. Tenable Security Center software extends the power of Nessus through reporting, remediation workflow, IDS event correlation and much more. Tenable also offers a Nessus Professional Feed to detect vulnerabilities in your network today! Tenable – Unified Security Monitoring!
- Core Security - This episode is also sponsored by Core Security Technologies, helping you penetrate your network. Now version 10.0 with WiFi-fu good to go! Rock out with your 'sploit out! Listen to this podcast and qualify to receive a 10% discount on Core Impact, the worlds best penetration testing tool.
- Trustwave Spiderlabs - Trustwave's SpiderLabs - providing advanced information security services to planet Earth. Visit them online at trustwave.com/spiderlabs!
Announcements & Shameless Plugs
PaulDotCom Security Weekly - Episode 165 - August 27th, 2009
- We're looking for two interns - local to the Rhode Island area, listen to the podcast, into linux, and able to lift 30 lbs. If that description sounds like you, please send us a note via psw [at] pauldotcom [dot com]
- The newly minted Pittsburgh Information Security Users Group invites all to their Capture the Flag - "Hax0r style" event on September 17th. They invite all to "Red Team" some Linux and Windows boxes and collect cool prizes.
- The Louisville Metro InfoSec Conference in, well, Louisville, offers John Strand as Keynote and serves PaulDotCom Asadoorian as Breakout Speaker. If that were not enough, they will also have a Capture The Flag event and Irongeek! All the above for the very low price of $99 on October 8th.
- Community SANS: Sec 542 Web Application Penetration Testing - SANS is pleased to announce Community SANS Providence, running Monday, October 5 - Saturday, October 10. Larry will teach Security 542: Web Application Penetration Testing and Ethical Hacking. The course will be hosted by Brown University.
Daniel Suarez (a.k.a., Leinad Zeraus) is an author of two books, self-publisher, consultant to Hollywood, and an independent systems consultant to Fortune 1000 companies. He has designed and developed enterprise software for the defense, finance, and entertainment industries. He is an avid gamer and technologist, and the author of the simply awesome book "Daemon".
Questions for Daniel
- Tell us about your background in IT, how did you get started in your career.
- What is daemon about and why did you choose to write it?
- Why is "Daemon" so scary? Are we all going to die?
- Where any of the characters based on people you know?
- The "loki" character seemed like the most fun to write, why are the bad guys so appealing in this story?
- What was the inspiration behind the story? A specific program you wrote to take over the world?
- Why "Leinad Zeraus"? Why the change back?
- I try to write a cron job to run backups and I'm lucky if it runs, how do you expect us to believe the Daemon to run without fail? Does it heal itself?
- What changes do we need to make to prevent these pitfalls from happening?
- Why is it that people are compelled to do what the screen tells us to do? What does this mean for our future?
- How did your work as a systems analyst for 17 years affect Daemon?
- What was it like to be courted by Hollywood? When can we expect the movie? Will the movie include both Daemon and Freedom?
- Tell us what you can about "Freedom".
- If you were transported 75 years into the future, what would you be writing about?
- Southwest airlines calls me to tell me my flight is delayed, that scares me! Why?
- As it stands now, could you affect enough change on data that is read by bots to destroy someone's life? Bots determine your credit score, your healthcare coverage, electronic records determine you criminal status, drivers license, utilities in your home, etc... Is this a valid concern moving forward?
- BMW and Mecedes can be tracked? Tire pressure monitoring? Without onstar or GPS? Is this real tech?
- There are some that say there is no way that AI can create a Twitter account that is a bot that would be believable, do you believe this to be true?
Listener Mike wrote in, and I wanted to get your thoughts:
Paul, I'm not sure that I'd necessarily characterize the appearance of Twitterbots that are virtually indistinguishable from real people as evidence that computer AI is getting good. Rather, I'd see it as evidence that Twitter makes people stupid. Or at least, as failing the Turing test.Then again, I'm not convinced that a lot of people I work with would pass the Turing test themselves, even without the artificial limitations imposed by Twitter. :-) (AI is a topic near and dear to my heart. I don't think we're anywhere near anything even coming close to something we could even imagine as approaching 1/infinity of what a true, hard AI would be.)
About The Story
From the Daemon's website:
A timely and relevant story...
Daemon brings readers on a harrowing journey through the dark crawl spaces of the modern world. It's a cutting-edge high-tech thriller that explores the convergence of MMOG's, BotNets, viral ecosystems, and corporate dominance—forces which are quietly reshaping society with very real consequences for us all. It all begins when one man's obituary appears online. . .
Matthew Sobol was a legendary computer game designer—the architect behind half a dozen popular online games. His premature death from brain cancer depressed both gamers and his company’s stock price. But Sobol’s fans weren’t the only ones to note his passing. He left behind something that was scanning Internet obituaries, too—something that put in motion a whole series of programs upon his death. Programs that moved money. Programs that recruited people. Programs that killed.
Confronted with a killer from beyond the grave, Detective Peter Sebeck comes face-to-face with the full implications of our increasingly complex and interconnected world—one where the dead can read headlines, steal identities, and carry out far-reaching plans without fear of retribution. Sebeck must find a way to stop Sobol’s web of programs—his Daemon—before it achieves its ultimate purpose. And to do so, he must uncover what that purpose is...
Video Tech Segment: Scanning through tor... Better then you think?
Valsmith and his crew gave an excellent presentation on client side attacks at Defcon 17 this year. There was a great section in their presentation on using Tor networks for scanning. I wanted to elaborate on scanning with Tor and find ways to do it faster and better as a professional tester. The reason is many environments utilize dynamic shunning to block attack IP addresses, and quite frankly.. It is not as effective a defense as one would believe.
Stories For Discussion
- Malware by Mail - [Larry] - While not an new attack vector, it is interesting to note the form that it is taking; as a social engineering attack spoofing the NCUA for delivery of training materials on CD-ROM.
- Secure Printers? - [Larry] - Looks like the IEEE is trying to do the right thing by developing security mechanisms and printer security evaluation checklists. To what end? It appears that the security will not be on every model, and is user configurable. that means that you can turn it off, or it may not be on by default - meaning never implemented to begin with.
- I have a new Google search... - [Larry] - Looking for wpa_supplicant.conf and wpa_supplicant.conf.sample. Why? Well, this one form pastebin contains the WPA keys needed to gain access to the appropriate networks. And, a quick search through Wigle for one of the unique names only turns up one hit...
-  - [Larry] - Details are light, but Japanese computer scientists allegedly took a largely theoretical attack against WPA and made it practical. They were able to crack WPA in under a minute, with apparently no pre-computed tables. Stay tuned, as they are releasing the details in the next few weeks.
- Beercan sized bots! - [MikeP.] - Imagine for a minute if that Coors can you walked by was actually a spy. Better yet, buy us a keg of beer and we'll ponder that one for you.
- WPA TKIP broken in 1 minute? - [PaulDotCom] - Ah, the controversy, was this really a ground-breaking paper deserving of all the press? Or is it only a slight improvement on the TKIP attacks we talked about before? Josh seems to think its a new attack that relies on the results of the old attack which wouldn't make it faster per se...
- Fun with a botnet owner - [PaulDotCom] - Wow, a 10,000 mode botnet was claimed to have sold for $800? That seems really low. If you own a botnet, my suggestion is rent, not sell. Also, use encryption when your bot communicate, or even better maybe even a social network like Twitter!
- Read the details on the botnet here
- Jessica Biel is the most dangerous celeb in cyberspace - [PaulDotCom] - Ah, social engineering at its finest, and they seem to target men, and well, their desire to find famous women online :) Its an interesting search for the celebs who yields the most malware when you search from them. It makes a great headline, but then again, who really cares? When did Star make its way into infosec?
- Cisco Lightweight Access Point Over-the-Air Provisioning Manipulation Vulnerability - [PaulDotCom] - I would not call this a low level vulnerability. Cisco has penetrated the market, and in some cases given the wireless hardware to customers (or at least at a signifigant discount). The ability to control the access point's communications protocol used to communicate with the controller is a big deal. Some further reverse engineering, and you can intercept all of the traffic on the wireless lan. Cisco describes it as a DoS, but it could be worse. I hate it when vendors play down vulnerabilities. If you look at the attack surface, and how much an attacker has to gain by exploiting this vulnerability, its worth reversing the protocol. Its this type of analysis that missing from vulnerability reports, especially ones from vendors.
- Massive Twitter XSS Vulnerability - [PaulDotCom] - Looks like twitter had trouble fixing it too, yikes. Vulnerabilities in Twitter could be bad. Bad means that just by see a tweet, you follow a link. Being able to send tweets as other people could be fun!